Aggregator

Submit #634316 / VDB-317779

A vulnerability identified as problematic has been detected in diyhi bbs up to 6.8. The impacted element is an unknown function of the file src/main/java/cms/web/action/filePackage/FilePackageManageAction.java of the component File Compression Handler. This manipulation of the argument idGroup causes information disclosure. This vulnerability is registered as CVE-2025-9461. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

As students return to campus and online learning platforms, cybercriminals are increasingly leveraging artificial intelligence to create sophisticated scams targeting the education sector. These AI-enhanced attacks have become more convincing and harder to detect, making them particularly dangerous for students, parents, and educational institutions. The integration of machine learning algorithms, natural language processing, and deepfake […]

The post 5 Common Back-to-School Online Scams Powered Using AI and How to Avoid Them appeared first on Cyber Security News.

A vulnerability categorized as problematic has been discovered in Mahara up to 23.04.6/24.04.1. The affected element is an unknown function of the component Footer Links Handler. The manipulation of the argument About/Contact/Help results in cross site scripting. This vulnerability is cataloged as CVE-2024-39923. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Biosig libbiosig 3.9.0. It has been rated as problematic. Impacted is an unknown function of the component Nex Parser. The manipulation leads to out-of-bounds read. This vulnerability is listed as CVE-2025-52461. The attack may be initiated remotely. There is no available exploit.

A vulnerability was found in Biosig libbiosig 3.9.0. It has been declared as critical. This issue affects some unknown processing of the file biosig.c of the component MFER Parser. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-54480. The attack can be launched remotely. No exploit exists.

De Johan Willem Frisokazerne in Assen moet een belangrijke plek worden voor zowel de krijgsmacht als de regio. De kazerne wordt compacter en efficiënter ingericht. Daardoor komt er ruimte vrij voor onder meer onderwijs, innovatie en rijksdiensten. De kazerne opent dus letterlijk en figuurlijk haar poorten. De nieuwe afspraken zijn vandaag op het kazerneterrein met handtekeningen bekrachtigd. 

A vulnerability was found in Biosig libbiosig 3.9.0. It has been classified as critical. This vulnerability affects unknown code of the component Nex Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is identified as CVE-2025-54462. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in Biosig libbiosig 3.9.0 and classified as critical. This affects an unknown part of the component ISHNE Parser. Such manipulation leads to heap-based buffer overflow. This vulnerability is referenced as CVE-2025-53853. It is possible to launch the attack remotely. No exploit is available.

A vulnerability has been found in Biosig libbiosig 3.9.0 and classified as critical. Affected by this issue is some unknown functionality of the component MFER Parser. This manipulation causes heap-based buffer overflow. The identification of this vulnerability is CVE-2025-53557. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Biosig libbiosig 3.9.0. Affected by this vulnerability is an unknown functionality of the component MFER Parser. The manipulation results in heap-based buffer overflow. This vulnerability was named CVE-2025-53511. The attack may be performed from a remote location. There is no available exploit.

A vulnerability, which was classified as critical, has been found in Biosig libbiosig 3.9.0. Affected is an unknown function of the component GDF Parser. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2025-52581. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability classified as critical was found in Biosig libbiosig 3.9.0. This impacts an unknown function of the component ABF Parser. Executing manipulation can lead to integer overflow. This vulnerability is handled as CVE-2025-53518. The attack can be executed remotely. There is not any exploit available.

A vulnerability classified as critical has been found in Biosig libbiosig 3.9.0. This affects an unknown function of the component RHS2000 Parser. Performing manipulation results in heap-based buffer overflow. This vulnerability is known as CVE-2025-48005. Remote exploitation of the attack is possible. No exploit is available.

A novel adaptation of the ClickFix social engineering technique has been identified, leveraging invisible prompt injection to weaponize AI summarization systems in email clients, browser extensions, and productivity platforms.  By embedding malicious step-by-step instructions within hidden HTML elements—using CSS obfuscation methods such as zero-width characters, white-on-white text, tiny font sizes, and off-screen positioning—attackers can poison […]

The post Threat Actors Weaponizes AI Generated Summaries With Malicious Payload to Execute Ransomware appeared first on Cyber Security News.

Submit #634295 / VDB-321296

A vulnerability was found in TOTVS Portal Meu RH up to 12.1.17. It has been declared as problematic. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability appears as CVE-2025-9193. The attack may be performed from a remote location. In addition, an exploit is available. It is recommended to upgrade the affected component. The vendor explains, that "[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs."

A critical security vulnerability has been discovered in Zendesk’s Android SDK implementation that allows attackers to perform mass account takeovers without any user interaction.  The flaw, which earned a $3,000 bug bounty payout, stems from predictable token generation mechanisms that enable unauthorized access to all Zendesk support tickets across affected organizations. Key Takeaways1. Predictable JWT […]

The post 0-Click Zendesk Account Takeover Vulnerability Enables Access to all Zendesk Tickets appeared first on Cyber Security News.

It is business as usual at National Public Data (NPD) despite the breach that exposed 3 billion Social Security numbers and the subsequent leak.

Так работает новая атака на Linux, против которой бессилен даже опытный глаз.